<?php

if(isset($_POST['submit'])) 
{
    error_reporting(E_NOTICE);
    
    function valid_email($str)
    {
        return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
    }
    
    if($_POST['name']!='' && $_POST['email']!='' && valid_email($_POST['email'])==TRUE && strlen($_POST['comment'])>1)
    {
        $to = preg_replace("([\r\n])", "", hexstr($_POST['receiver']));
        $from = preg_replace("([\r\n])", "", $_POST['email']);
        $subject = "Website contact message from ".$_POST['name'];
        $message = $_POST['comment'];

        $match = "/(bcc:|cc:|content\-type:)/i";

        if (preg_match($match, $to) ||
        preg_match($match, $from) ||
        preg_match($match, $message)) 
        {
            die("Header injection detected.");
        }

        $headers = "From: ".$from."\r\n";
        $headers .= "Reply-to: ".$from."\r\n";

        if(mail($to, $subject, $message, $headers))
        {
            echo 1; //SUCCESS
        }
        else {
            echo 2; //FAILURE - server failure
        }
    }
    else 
    {
        echo 3; //FAILURE - not valid email
    }
}
else
{
    die("Direct access not allowed!");
}

function hexstr($hexstr) {
    $hexstr = str_replace(' ', '', $hexstr);
    $hexstr = str_replace('\x', '', $hexstr);
    $retstr = pack('H*', $hexstr);
    return $retstr;
}
